← Home

@matrix-org/matrix-sdk-crypto-wasm

npm Repository Homepage

WebAssembly bindings of the matrix-sdk-crypto encryption library

8
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

matrixdotorg

Keywords

matrixchatmessagingrumanio

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:new-function-constructor AI (semgrep): Standard wasm-bindgen generated glue code pattern for WASM interop; new Function() here constructs JS functions from WASM memory strings as part of the wasm-pack build toolchain. ai
semgrep semgrep:api-obfuscation-reflect AI (semgrep): Reflect.get() in wasm-bindgen/wasm-pack generated JS glue code is standard WASM interop pattern, not obfuscation. Stable false positive for this package. ai

Versions (showing 8 of 8)

Version Deps Published
18.3.1 0 / 18
18.3.0 0 / 18
18.2.0 0 / 18
18.1.0 0 / 18
18.0.0 0 / 18
17.1.0 0 / 17
17.0.0 0 / 17
16.0.0 0 / 17

v18.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.